This text is taken from here: http://archives.neohapsis.com/archives/bugtraq/2002-06/0053.html From: Roger Marquis The Pine email client allows users to define the "From:" address independent of their Unix username. This is an indispensable feature for help desks and other role accounts. Unfortunately, user names and/or ids can still be leaked due to Pine's insertion of "Sender:" and/or "X-Sender:" headers. Pine versions earlier than 4.44 may also insert the Unix username into other envelope and header fields. That message also contains a patch for this issue.
This is a debatable security issue, it's the way many mailers worked, it was documented behaviour, and is of minimal security consequence. It's not worth issuing a security update for RHEL2.1 to correct this issue. wontfix.